CyberWire Daily - US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.
Episode Date: December 3, 2018In today’s podcast, we hear that senior US and UK officials have harsh words for Russian actions in cyberspace even as President Putin undertakes a charm offensive at the G20 meetings. (In fairness ...to the US and UK officials, it’s a pretty dour charm offensive.) Iran ups its influence operations game. Legal investigations and legislative responses to the Marriott breach begin. A US Court upholds the Government’s ban on Kaspersky products. And paying ransom to cyber extortionists could violate US sanctions. Daniel Prince from Lancaster University discussing growth, innovation and productivity within cyber security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_13_03.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k code N2K at checkout. That's joindelete.me.com slash N2K, code N2K.
Senior U.S. and U.K. officials have harsh words for Russian actions in cyberspace,
even as President Putin undertakes a charm offensive at the G20 meetings.
In fairness to the U.S. and U.K. officials, it's a pretty dour charm offensive.
Iran ups its influence operations game,
legal investigations and legislative responses to the Marriott breach begin,
a U.S. court upholds the government's ban on Kaspersky products,
and paying ransom to cyber extortionists could
violate U.S. sanctions.
From the Cyber Wire studios at Data Tribe, I'm Dave Bittner with your Cyber Wire summary
for Monday, December 3rd, 2018.
Russo-American relations, further strained by an escalation in Russia's hybrid war against
Ukraine last week, have continued to deteriorate. Influence operations provide a familiar cause of
contention. At the end of last week, U.S. Defense Secretary James Mattis said that Russia's attempts
to influence U.S. elections show that President Putin is a slow learner. Reuters reported
the secretary is saying, quote, Putin tried again to muck around in our elections this last month,
and we are seeing a continued effort along those lines. Mr. Putin is clearly a slow learner. He is
not recognizing that what he is doing is actually creating an animosity against his people. What we are seeing Putin do with his ripping up of international agreements,
we're dealing with someone that we simply cannot trust.
End quote.
The U.S. isn't alone.
At the G20 meetings in Argentina, President Putin proffered a kind of olive branch,
or at least spoke with some unaccustomed honey on his tongue,
praising Britain as an important partner. Britain, or at least MI6, unaccustomed honey on his tongue, praising Britain as an important partner,
Britain, or at least MI6, was having none of it.
As Bloomberg reports, MI6 director Alex Younger, in a rare public speech,
named Russia as a major state sponsor of terrorism and cyber attacks.
He counseled Russia not to take the UK lightly
and that the British have no intention of abandoning their case against Russia for, among other things, the Salisbury nerve agent attacks.
Younger added that while Britain did not seek escalation, neither would the U.K. remain supine in the face of Russian misbehavior.
Asked in Argentina about this sort of reception by much of the world,
President Putin said such accusations were a matter for the conscience of those presumably ill-willed or otherwise misguided people who say that Russia did such things.
In the case of the United Kingdom, Mr. Putin said,
quote,
that this must happen as soon as possible, we can overcome the difficulty in our relations.
Iran has for some time been a rising cyber power.
Recent U.S. indictments have focused on cyber attacks and cyber crime narrowly construed, but there are interesting signs that the Islamic Republic is now conducting
relatively sophisticated information operations.
This fresh capability, as Reuters reports,
is currently most clearly on display against targets in Arabic-speaking countries,
but it's by no means confined to them.
Some 70 countries worldwide have been targeted by Iranian websites
hosting disinformation and propaganda.
These operate as what Facebook would call inauthentic sites,
sites whose true ownership is obscured through fronts, false flags, and bogus identities.
The four most heavily targeted countries are Yemen, Syria, Afghanistan, and Pakistan,
followed by the UK, Egypt, Iran, the Palestinian territories,
Turkey, the US, Indonesia, Iraq, Israel, Russia, and Sudan.
The line the sites take is directly supportive of Iranian policies and of Tehran's view of the world,
but they represent themselves as independent voices carrying important news.
Attribution of the sites to Iran is largely the work of researchers at security firms FireEye and ClearSky.
Twitter, Facebook, and Google have all been used to amplify Tehran's messaging,
although these platforms have taken some steps to expunge such inauthentic accounts.
About half of the sites use services provided by U.S. companies CloudFlare and OnlineNIC,
which say they've looked into the matter
and are confident they're not in violation of U.S. sanctions against Iran.
Authorities are beginning their investigation of the major data breach Marriott disclosed last week.
As is often the case, the state of New York is first out of the gate.
According to the New York Law Journal, the state's attorney general on Friday announced
that her office was opening a probe that would not only look into the circumstances of the breach, but that would also determine whether Marriott's delay in disclosure constituted a violation of New York law.
And if you're an affected guest wondering if there was anything you could have done to protect yourself, cyber company Rook Security says essentially, no, there was nothing you could
have done against this sort of breach. Security firm Carbon Black calls the attack an instance
of island hopping, in which attackers pivot across distinct but interconnected parts of a
corporate target. Attribution of the attack remains unclear, but many observers think the
two proximate risks it raises are identity theft
and espionage. The breach has added impetus to congressional movement toward national
breach legislation for the U.S. as a whole. The U.S. Court of Appeals for the D.C. Circuit
ruled Friday that the government's ban on Kaspersky products can stand. It's not, after
all, an unconstitutional bill of attainder. The U.S. government's decision to keep Kaspersky products can stand. It's not, after all, an unconstitutional bill of attainder.
The U.S. government's decision to keep Kaspersky products
out of its networks will therefore stand.
Finally, Bleeping Computer points out that ransomware victims
now have another self-interested reason not to pay ransom.
Under current U.S. law and regulation,
if such payments go to the wrong
place, ransomware victims could find themselves in violation of U.S. sanctions. Two possible
illicit destinations for such payments would be Iran and North Korea. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents,
winning with purpose, and showing the world what AI was meant to be.
Let's create the agent-first future together.
Head to salesforce.com slash careers
to learn more. Do you know the status of your compliance controls right now? Like right now?
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your
company's defenses is by targeting your executives and their families at home? Black Cloak's award
winning digital executive protection platform secures their personal devices, home networks,
and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
And joining me once again is Daniel Prince.
He's a senior lecturer in cybersecurity at Lancaster University.
Daniel, welcome back. We wanted to touch today on cybersecurity and how that can affect growth, innovation and productivity.
What can you share with us today?
So this has been a bit of a passion subject for me for a long time.
And, you know, it's the classic question, how can you measure return on investment for cybersecurity when, you know, you don't know whether something's going to happen?
You're not sure whether you're going to protect against those losses, but you never know whether you're going to be attacked.
I've got to the point now where I think that's the wrong way of thinking about cybersecurity and that return on investment.
um cyber security and that return on investment so the some of the stuff that we're doing here particularly working with businesses is to flip the question around on its head how do you actually
build a business growth strategy with cyber security at its core and we've been working with
uh a number of other universities in the greater manchester area in the uk so the university of
manchester university of salford, and Manchester Metropolitan University.
And we've got a project
that we're going to be supporting
a large number of businesses
to actually take them through a structured process
that puts cybersecurity
at the heart of their business growth strategy.
So this is a different question.
This isn't how you use cybersecurity
to prevent against losses.
This is how do you use cybersecurity
to grow your business.
And we firmly believe that cybersecurity doesn't just have to be related to protection against
that losses. We can actually use this to help you get market advantage. And we're certainly
starting to see a lot of evidence in the market that if you can differentiate yourself inside that
market because you are more secure than your competitor, you're starting to lever something with a client base that enables you to get bigger, get more sales and so on and become
more productive. The other thing that's key for me is that cybersecurity has always been
an incredibly innovative space. We're always having to innovate. We're having to innovate
against the attackers that are coming in. We're having to innovate we're having to innovate against the attackers that are coming in we're having to innovate new defensive strategies and one of the things for me is to take that innovative
approach and cybersecurity professionals and think about how we can start to apply that natural
innovative capability to sort of digital businesses and how can we drive those forward so that we have
that really great combination of a highly productive digital business, but also it's secure for the customers.
But in the last space, one of the other things is I often liken cybersecurity to health and
safety.
And when I talk about this, people kind of get a little bit upset with me because they
don't like health and safety.
But actually, health and safety is there within your organization to ensure that people don't get injured don't go off sick they're there
the health and safety is there to help them to be a productive worker and they're not taking
unnecessary risks that could potentially damage themselves or their equipment or the people they're
working with so in that way cyber security is also uh to the productivity. It's there to help your employees really work more effectively, take less risks that will potentially end up damaging the company and the equipment that they use.
Now, I'm curious, you know, from a business point of view, is this a situation where, you know, some of the folks from the cybersecurity
side of the campus need to walk over to the folks in the business school and have a sit down with
them and say, you know, you need to integrate our stuff deeper into your business classes?
Yeah, definitely. I think this is one of the vital things. And I think it's really important
that the folks in the management schools start to look at how cybersecurity can be this mechanism for growth, innovation and productivity.
Not just a mechanism to manage risk or defend against losses, but certainly some of the conversations that we're having here at Lancaster University.
I've been working with a behavioural economist for quite a while now, looking at some of these questions,
behavioural economists for quite a while now, looking at some of these questions,
thinking about how we can have these organisational structures that really support productivity and growth, but deliver a secure
and safe working environment for the employees and for the customers.
It's true now that every business is digital.
So we can't, you know, cyber security can't just be a separate thing.
And it can't just be a thing that we use to protect against losses.
We have to internalize that within our business strategies to really drive forward business growth, certainly within sort of modern climate where companies are really pushing to find that competitive edge.
And, you know, this cybersecurity can give you that competitive edge.
Yeah, it's really interesting.
As always, Daniel Prince, thanks for joining us. Staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default
deny approach can keep your company safe and compliant.
And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.